Catching Malware En Masse - DNS and IP Style

Black Hat via YouTube

Overview

Explore innovative strategies for detecting and mitigating malware at the DNS and IP level in this Black Hat conference talk. Dive into advanced techniques for tracking botnets, including fast flux and DGA-based methods, using graph clustering and DNS traffic analysis. Learn about unconventional approaches to IP reputation that combine AS graph topology analysis with granular IP range investigations. Discover how to preemptively detect and block malicious IP infrastructures, closing the detection gap against evolving threats. Experience the power of 3D visualization in malware analysis, with demonstrations of GPU-accelerated force-directed algorithms and OpenGL ES rendering. Gain insights into real-world "war stories" of hunting down malware domains and rogue IP spaces, and explore practical tools for gathering predictive threat intelligence.

Syllabus

Introduction
Welcome
Agenda
Current Climate
Investigation Process
What is Fast Flux
Fast Flux Proxy Network
Zeus
CNC domains
Methods
Workflow
Semantic Library
Data Extraction
Citadel Examples
Botnet Examples
What is Pony
Passwords
Applications
Stats
Clients
IP Style
OVH Canada
OVH Ukraine
OVH Russia
Nuclear Exploited Domains
Prediction for Fight Protection
How we did it
Interest
Fingerprinting
Same server setup
Growing trend
OVH
Rope
Electric Kitten
Police
English dictionaries
ASN graph
Understanding the internet
The IT Crowd
The Internet
Why do we do this
OpenCL view
Cluster view
Network geek
Network connectivity
Investigation
Conclusions
Visual approach
Detect
Summary
BGP Outages
ISP Outages
Autonomous Systems
In Conclusion

Taught by

Black Hat
